PDF Signing, eIDAS for Companies – CloudFoxy

We have implemented a solution for eIDAS USB smart cards that needs no drivers on user computers. We simply access the smart cards over HTTPS to sign PDF documents. The solution can be automated, integrated with internal IT infrastructure, and managed by dedicated support.

CloudFoxy, eIDAS Signature – legally binding across European Union

I have heard interesting stories from some European countries that use digital signatures to verify the authenticity of legal documents: stories about companies that want to manage signing securely and reliably, but depend on off-the-shelf smart-card readers, which inherently feature high failure rates.

There are basically two main use-cases for eIDAS digital signing:

citizens want easy but secure communication with central and local governments;

companies want secure communication with governments, but also with their customers and partners.

The first use-case depends on USB smart-card readers. These solutions have been around for a long time and they work, although they are still incredibly complicated to set up on an arbitrary computer.

The second use-case doesn’t really have any good solution at the moment. Some companies plug large numbers of smart cards into racks of servers (particularly because operating systems don’t support more than 10 to 16 smart cards), or rely on HSM-based solutions.

You may think that HSMs are the right choice – they are expensive, hard to use – the proper hard-core security. Unfortunately, because of a history of successful attacks on their APIs, auditors may require them to be hosted in high-security environments. This increases operating costs, as well as initial development and integration costs.

High level architecture of CloudFoxy solution

I personally love smart cards, but I hate the way they are handled by computers. So why don’t we simply remove the complicated legacy application stack and connect smart cards to a RESTful API, so we can use them just like any other secure cloud service, with any additional protection I, you, or a company may see fit?

And that’s exactly what we have done. Smart cards are the primary bearer of signing keys supported by all trusted eIDAS providers, so the hardware integration is relatively straightforward.